package com.yubest.shiro.controller;

import com.yubest.shiro.bean.Response;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.*;

/**
 * 登陆、退出
 *
 * @Author: hweiyu
 * @Date: 2022/11/7 11:55
 */
@RestController
public class LoginController {

    @PostMapping(value = "/login")
    public Response<String> login(@RequestParam String username, @RequestParam String password) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        // 登录验证
        subject.login(token);
        String tokenStr = String.valueOf(subject.getSession().getId());
        return Response.ok(tokenStr);
    }

    @RequiresPermissions(value = {"logout"})
    @GetMapping("/logout")
    public Response<Void> logout() {
        SecurityUtils.getSubject().logout();
        return Response.ok(null);
    }

}
